General
Target: 80f2e8273e304fe830eda259008721b9eea4ac2d68d4d5a87ec8ab7ea74d59fd
Size: 706KB
Sample: 211025-atrzfagdan
MD5: 4b78b7017e2fe268f35e21dfb03531ff
SHA1: 93b38233c3d98f1525842144dfe0b161c47d3aae
SHA256: 80f2e8273e304fe830eda259008721b9eea4ac2d68d4d5a87ec8ab7ea74d59fd
SHA512: b60e576c75f6c6715f57bc9eb3cfc1f116ad5e6e65d2df3a3df190d1a721a87128ec97eff56e3618fcbf8fa78e279122138b938e3cec24c113d08fe5e4234d08
Static task: static1
Malware Config
Targets
Target: 80f2e8273e304fe830eda259008721b9eea4ac2d68d4d5a87ec8ab7ea74d59fd
Size: 706KB
MD5: 4b78b7017e2fe268f35e21dfb03531ff
SHA1: 93b38233c3d98f1525842144dfe0b161c47d3aae
SHA256: 80f2e8273e304fe830eda259008721b9eea4ac2d68d4d5a87ec8ab7ea74d59fd
SHA512: b60e576c75f6c6715f57bc9eb3cfc1f116ad5e6e65d2df3a3df190d1a721a87128ec97eff56e3618fcbf8fa78e279122138b938e3cec24c113d08fe5e4234d08
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
- RedLine Payload
- suricata: ET MALWARE AutoHotkey Downloader Checkin via IPLogger
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
- Downloads MZ/PE file
- Executes dropped EXE
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2